move err invalid signature fraud

dymensionxyz · Oct 22, 2024 · adffd84 · adffd84
1 parent 166ef41
commit adffd84
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 16 deletions.
diff --git a/types/validation.go b/types/validation.go
@@ -125,6 +125,17 @@ func (c *Commit) ValidateWithHeader(proposerPubKey tmcrypto.PubKey, header *Head
 		return NewErrInvalidSignatureFraud(err)
 	}
 
+	abciHeaderPb := ToABCIHeaderPB(header)
+	abciHeaderBytes, err := abciHeaderPb.Marshal()
+	if err != nil {
+		return err
+	}
+
+	// commit is validated to have single signature
+	if !proposerPubKey.VerifySignature(abciHeaderBytes, c.Signatures[0]) {
+		return NewErrInvalidSignatureFraud(ErrInvalidSignature)
+	}
+
 	if c.Height != header.Height {
 		return NewErrInvalidBlockHeightFraud(c.Height, header.Height)
 	}
@@ -147,14 +158,5 @@ func (c *Commit) ValidateWithHeader(proposerPubKey tmcrypto.PubKey, header *Head
 		return NewErrInvalidHeaderHashFraud(c.HeaderHash, header.Hash())
 	}
 
-	abciHeaderPb := ToABCIHeaderPB(header)
-	abciHeaderBytes, err := abciHeaderPb.Marshal()
-	if err != nil {
-		return err
-	}
-	// commit is validated to have single signature
-	if !proposerPubKey.VerifySignature(abciHeaderBytes, c.Signatures[0]) {
-		return NewErrInvalidSignatureFraud(ErrInvalidSignature)
-	}
 	return nil
 }
diff --git a/types/validation_test.go b/types/validation_test.go
@@ -342,13 +342,7 @@ func TestCommit_ValidateWithHeader(t *testing.T) {
 			},
 		}
 
-		abciHeaderPb := ToABCIHeaderPB(&block.Header)
-		abciHeaderBytes, err := abciHeaderPb.Marshal()
-		if err != nil {
-			return nil, nil, nil, err
-		}
-
-		signature, err := proposerKey.Sign(abciHeaderBytes)
+		abciHeaderBytes, signature, err := signBlock(block, proposerKey)
 		if err != nil {
 			return nil, nil, nil, err
 		}
@@ -446,6 +440,14 @@ func TestCommit_ValidateWithHeader(t *testing.T) {
 		// Modify the block header's proposer address to simulate a mismatch
 		block.Header.ProposerAddress = anotherKey.PubKey().Address() // Set to a different proposer's address
 
+		// resign the block with the new proposer address
+		_, signature, err := signBlock(block, proposerKey)
+		if err != nil {
+			return
+		}
+
+		commit.Signatures = []Signature{signature}
+
 		// Ensure the proposer's address does not match the block header's proposer address
 		require.NotEqual(t, proposerKey.PubKey().Address(), block.Header.ProposerAddress, "The proposer's public key address should not match the block header proposer address")
 
@@ -463,6 +465,14 @@ func TestCommit_ValidateWithHeader(t *testing.T) {
 		// Modify the block header's SequencerHash to simulate a mismatch
 		block.Header.SequencerHash = [32]byte{1, 2, 3} // Set to an invalid hash
 
+		// resign the block with the new SequencerHash
+		_, signature, err := signBlock(block, proposerKey)
+		if err != nil {
+			return
+		}
+
+		commit.Signatures = []Signature{signature}
+
 		// Ensure the SequencerHash does not match the proposer's hash
 		hash := NewSequencerFromValidator(*tmtypes.NewValidator(proposerKey.PubKey(), 1)).MustHash()
 		require.NoError(t, err, "Generating the SequencerHash should not fail")
@@ -489,3 +499,18 @@ func TestCommit_ValidateWithHeader(t *testing.T) {
 		require.True(t, errors.Is(err, gerrc.ErrFault), "The error should be a fraud error")
 	})
 }
+
+func signBlock(block *Block, proposerKey ed25519.PrivKey) ([]byte, []byte, error) {
+	abciHeaderPb := ToABCIHeaderPB(&block.Header)
+	abciHeaderBytes, err := abciHeaderPb.Marshal()
+	if err != nil {
+		return nil, nil, err
+	}
+
+	signature, err := proposerKey.Sign(abciHeaderBytes)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return abciHeaderBytes, signature, nil
+}